Practically 12-months outdated COVIDSafe laws cited as reason behind Privateness Act evaluation delays
The Attorney General’s Office (AGD) said the reason for the delay in revising the Australian Data Protection Act of 1988 was because staff needed to work on the COVIDSafe legislation, which entered Parliament in May last year.
During Tuesday evening’s Senate estimates, the Senators raised concerns over statements made by Attorney General Christian Porter, who is currently on vacation, in March 2019 that harsher penalties are on the way for misuse of Australians’ personal information as such protections have not been put in place.
“The team working on the legislation and data protection law review has also looked at other priorities. For example, the COVIDSafe legislation … which has put some of these issues into considerable effort,” said the assistant secretary for integrity and International The group in the AGD, Sarah Chidgey, replied.
See Also: Attorney General Is Requested To Provide Facts About US Law Enforcement Access To COVIDSafe
The department is currently reviewing the Data Protection Act. Since October all interested parties have been asked to make their two cents available. Chidgey said a draft was on the way.
“We have been working on a draft as part of the Data Protection Act review and expect it to be published shortly along with the further discussion paper on the Data Protection Act Review,” she said, noting that “a lot of work has been done on it” .
“We have used contributions that we received as part of the review of the data protection law to better inform the development of this draft law.”
Australian Information and Data Protection Commissioner Angelene Falk welcomed any additions to their regulatory toolkit that would come with an updated data protection act.
Your submission for review included recommendations such as considering international developments such as the General Data Protection Regulation in Europe and adapting global systems to Australia.
“I think the investigation into digital platforms carried out by the ACCC (Australian Competition and Consumer Commission) has made the public aware of the extent of computing practices … and a number of recommendations have been made by that investigation, one of which some were like my own According to this research, some changes to the data protection law should be made to ensure that data processing practices can be regulated for the next decade, “she said.
“I applaud all changes and improvements to the regulatory toolkit I currently have. I look forward to both the legislation on these issues and the progress of the review which is being conducted more broadly, or is currently being conducted by the department.”
PRIVACY REVIEWS IN THE REVIEW AREA
Falk was asked about the requirement that all Australian government agencies keep a register of data protection impact assessments carried out. Greens vice chairman Senator Nick McKim made explicit reference to a Home Office project related to its travel exemption portal, which is designed to allow people to enter or leave Australia.
While Falk is unaware of the project, McKim said individuals are currently being encouraged by Home Affairs to provide information such as banking details, financial assets, social media information, personal communications between them and their partners, private health and medical information, personal information Relationship proof photos and medical reports in support of any medical claims, including mental health reports.
“I think I have a hard time commenting on a particular one [project] … But the principle is that a department that deals with personal data in a different way or a new project that deals with personal data in a way that can be considered high risk should conduct a data protection impact assessment “, said she said.
“Many departments also do a preliminary assessment to decide whether or not that threshold is actually being reached. And I understand that this is usually the way many of the big departments and I think the Home Office actually does does these preliminary assessments to decide whether or not to conduct a full data protection impact assessment. “
Under the Data Protection Act, Falk has the authority to instruct an agency to carry out an impact assessment on data protection. However, this power has not been exercised.
She said her office is currently examining how many agencies have privacy impact assessment registers.
“Regardless, we believe we would expect Australian government agencies to have posted a location on their website where these documents could be found,” she added.